- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=freshmaker:freshmaker-stg"

- name: make the box be real
  hosts: freshmaker:freshmaker-stg
  user: root
  gather_facts: True

  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
   - "/srv/private/ansible/vars.yml"
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  pre_tasks:
  - import_tasks: "{{ tasks_path }}/yumrepos.yml"

  roles:
  - base
  - rkhunter
  - nagios_client
  - hosts
  - fas_client
  - rsyncd
  - sudo
  - collectd/base

  tasks:
  - import_tasks: "{{ tasks_path }}/2fa_client.yml"
  - import_tasks: "{{ tasks_path }}/motd.yml"

  handlers:
  - import_tasks: "{{ handlers_path }}/restart_services.yml"

- name: openvpn on the prod frontend nodes
  hosts: freshmaker-frontend
  user: root
  gather_facts: True

  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
   - "/srv/private/ansible/vars.yml"
   - "{{ vars_path }}/{{ ansible_distribution }}.yml"

  roles:
  - openvpn/client

  handlers:
  - import_tasks: "{{ handlers_path }}/restart_services.yml"

- name: set up Freshmaker frontend
  hosts: freshmaker-frontend:freshmaker-frontend-stg
  user: root
  gather_facts: True

  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
   - "/srv/private/ansible/vars.yml"
   - "{{ vars_path }}/{{ ansible_distribution }}.yml"

  roles:
  - mod_wsgi
  - role: freshmaker/frontend
    # TLS is terminated for us at the proxy layer (like for every other app).
    freshmaker_force_ssl: False
    freshmaker_servername: null

  handlers:
  - import_tasks: "{{ handlers_path }}/restart_services.yml"

- name: set up Freshmaker backend
  hosts: freshmaker-backend:freshmaker-backend-stg
  user: root
  gather_facts: True

  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
   - "/srv/private/ansible/vars.yml"
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  roles:
  - fedmsg/base
  - role: freshmaker/backend
    freshmaker_servername: freshmaker{{env_suffix}}.fedoraproject.org

  - role: keytab/service
    service: freshmaker
    owner_user: fedmsg
    owner_group: fedmsg
    host: "freshmaker{{env_suffix}}.fedoraproject.org"

  handlers:
  - import_tasks: "{{ handlers_path }}/restart_services.yml"
